starwoodhotels.com XSS vulnerability

2017-10-16T07:47:00
ID OBB:339525
Type openbugbounty
Reporter tbm
Modified 2017-12-18T15:42:00

Description

Vulnerable URL:
https://www.starwoodhotels.com/preferredguest/room.html?propertyID=331">&departureDate;=2017-10-14&lengthOfStay;=1&arrivalDate;=2017-10-13&localeCode;=en_US&numberOfRooms;=1&language;=en_US&numberOfAdults;=1&ES;=LPS_331_EN_SI_BOOKWIDGET_SE_EAME&numberOfChildren;=0
Details:

Description| Value
---|---
Patched:| Yes, at 18.12.2017
Latest check for patch:| 18.12.2017 15:42 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 3102
VIP website status:| Yes

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 16 October, 2017 07:47 GMT
Vulnerability existence verified and confirmed| 17 October, 2017 10:05 GMT
Generic security notifications sent to website owner| 17 October, 2017 10:05 GMT
Notification sent to subscribers (without technical details)| 17 October, 2017 14:17 GMT
Vulnerability details disclosed by researcher| 18 December, 2017 08:29 GMT
Vulnerability patched by the website owner| 18 December, 2017 15:42 GMT